Windows PowerShell script to check for specific hotfix

I was asked by our IT department to write something that would check if a specific Windows Update hotfix was installed on a number of servers (they gave me a list), and they wanted it ASAP.

So, I thought, hmm…this is the perfect opportunity to give Microsoft’s new scripting tool, Windows PowerShell, a try. I tip my hat to Microsoft for creating this tool – it was about time – since something like this has been needed to combat the “last mile” in the IT world.

It shouldn’t take more than 5 minutes to write this script, but being familiar with the .NET Framework is sort of a prerequisite:

# Get content
$computers = get-content c:\computers.txt

# Get all the info using WMI
$results = get-wmiobject -class "Win32_QuickFixEngineering" -namespace "root\CIMV2" -computername $computers

# Loop through $results and look for a match then output to screen
foreach ($objItem in $results)
{
    if ($objItem.HotFixID -match "KB932168")
    {
        write-host $objItem.CSName
        write-host "Hotfix KB932168 installed"
        write-host
    }
}

To use it:

1. Copy-and-paste this into notepad and save it as scriptname.ps1.

2. Set the execution policy, as Microsoft intentionally set it up like *nix scripts (right on!) wherein you need to chmod it, like so: Set-ExecutionPolicy Unrestricted.

Note: There are different execution policies, such as “AllSigned.” Google it if you want to know more about it.

3. Run it from the powershell by typing .\scriptname.ps1.

4. That’s it! Now wait for the results.

This script, unfortunately, will only print out the servers that have the specific “KB932168” (read: an example) hotfix installed. I could’ve expanded the script to output a list of servers that didn’t have it and output it to a text file using the Out-File cmdlet, but, in the end, it served its purpose and got the results our IT department needed.

BTW, this script will work on Win2k3, XP, Win2k, and Win98 – but the corresponding .NET Framework (version 2.0 is good; version 3.0 is already out) must be installed on the target machine. Also, know that the Windows PowerShell only works on Windows.

Hope this helps! =0)

Yumex to the rescue!

Yumex is a yum extender that provides a GUI for package management.

So why am I writing about it? Well, read on…

I had written recently about my upgrading from Fedora Core 1 to Fedora Core 6, and one major, annoying issue I encountered was with the yum updates.

I encountered approximately 5 conflicts and about 2 dependency errors.  I believe it was with php-do and php and some elib libraries.  I know, I know.  You’re thinking, “if it ain’t broke, don’t fix it,” right?  Well, unfortunately, I can only take so much of that.

So, with the mission at hand, I started googling for fixes and finally found a thread about yumex.  I yum installed it, went into init 5 (I run init 3 by default), vnc’ed into my box and ran it.

After having used it, I strongly recommend you give it a try, especially if you have problems updating via a terminal window.

What yumex gives you is the freedom to update only certain packages via a click-and-process method; for example, to fix my problem, I updated 15-20 packages at a time and continuously went through the list until I came across the offending package.  I then took care of the problematic ones one-by-one.

Pretty cool, ey…All you need to complete this process is patience and a book.  =0)

iptables script

I’ve been running Fedora Core 1 for about, hmm…5 years(?) on my little ‘ole work-horse server, but this reliable/stable OS has started showing its age.  Repository issues, keeping software and everything else up-to-date.  Ugh.  =0( 

I was initially sold on installing RHEL ES 4 (I had the disks already), but my server had problems with the “transferring image to install…” phase.  So, I took it as a sign to stick with Fedora, which I was happy about since I’m used to it.  More importantly, however, it was an opportunity to try out the new Fedora Core release.

So with tools in hand, I backed up all my scripts and website files and installed Fedora Core 6 last night.  It took about 4 hours to install and configure – in fact, I started a “how-to” on my wiki, just in case I have to do it all over again.

OK, so enough of the rambling.  This post is, after all, about iptables (hats off to the netfilter.org guys/gals and thanks to Dan Farino for helping out with this).  BTW, I had to disable the security firewall on Fedora to have more control over the firewall.

Steps to take:

  1. Open up a terminal
  2. cd /usr/local/src
  3. mkdir iptables
  4. vi iptables
  5. Copy and paste the script below
  6. chmod 777 scriptname
  7. ./scriptname

Verify no errors occurred, then once done, type the following:

tail -f /var/log/messages

From this point, watch for some interesting stuff.  =0)
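As an added example (not part of the original post), the shell function below tallies what the LOG rules in the script further down write to /var/log/messages, grouped by each rule's `___ipt:<tag>___` prefix and the packet's source address. The log lines are constructed samples in the kernel's LOG-target format; the host name `gw` and all addresses are made up.

```shell
#!/bin/sh
# Added example: count firewall log entries per rule tag and source address.
# Reads syslog text on stdin; prints "count tag source" lines, busiest first.
summarize_ipt_log() {
    awk '
        # LOG rules prefix each entry with ___ipt:<tag>___: or ___ipt-fw:<tag>___:
        match($0, /___ipt[^:]*:[^_]+___/) {
            tag = substr($0, RSTART, RLENGTH)
            sub(/^___ipt[^:]*:/, "", tag)      # strip the leading marker
            sub(/___$/, "", tag)               # strip the trailing marker
            src = "?"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) src = substr($i, 5)
            n[tag " " src]++
        }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample: four firewall entries and one unrelated syslog line.
sample_log() {
cat <<'EOF'
Jan 10 03:12:45 gw kernel: ___ipt:input-drop___: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51000 DPT=22 SYN
Jan 10 03:12:46 gw kernel: ___ipt:input-drop___: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51001 DPT=23 SYN
Jan 10 03:13:02 gw kernel: ___ipt:spoof,mcast___: IN=eth0 OUT= SRC=10.1.2.3 DST=198.51.100.2 PROTO=UDP SPT=53 DPT=4000
Jan 10 03:13:09 gw sshd[812]: Accepted publickey for admin from 192.168.1.20
Jan 10 03:14:30 gw kernel: ___ipt:invalid-tcp-flag___: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=4444 DPT=80
EOF
}

sample_log | summarize_ipt_log
```

On a live box, feed it the real log instead: `summarize_ipt_log < /var/log/messages`.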

Simple enough, huh?  Hopefully, you can make use of this script to build your personal *nix firewall.  Take care.

Make sure /proc/sys/net/ipv4/ip_forward is ‘1’ and both ip_conntrack_ftp & ip_nat_ftp modules are loaded (use modprobe modulename).

#--------------------------------------------------#

# flush and delete chains
iptables -F
iptables -X
iptables -t nat -F

# default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -t nat --policy PREROUTING ACCEPT
iptables -t nat --policy POSTROUTING ACCEPT
iptables -t nat --policy OUTPUT ACCEPT

# new user-defined chains
iptables -N tcp-state-flags
iptables -N fragments
iptables -N spoof
iptables -N syn-flood

iptables -N log-tcp-state
iptables -N log-drop-spoof

iptables -N log-input-accept

iptables -N log-input-drop
iptables -N log-fwd-drop

#--------------------------------------------------#

# input rules
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! eth0 -j ACCEPT
iptables -A INPUT -p tcp -j tcp-state-flags
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -f -j fragments
iptables -A INPUT -m state --state NEW -j spoof
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -j log-input-drop

# forward rules
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -j log-fwd-drop

# output rules
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state INVALID -j DROP

#--------------------------------------------------#

# tcp-state-flags rules
iptables -A tcp-state-flags -p tcp --tcp-flags ALL NONE -j log-tcp-state
iptables -A tcp-state-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j log-tcp-state
iptables -A tcp-state-flags -p tcp --tcp-flags SYN,RST SYN,RST -j log-tcp-state
iptables -A tcp-state-flags -p tcp --tcp-flags FIN,RST FIN,RST -j log-tcp-state
iptables -A tcp-state-flags -p tcp --tcp-flags ACK,FIN FIN -j log-tcp-state
iptables -A tcp-state-flags -p tcp --tcp-flags ACK,PSH PSH -j log-tcp-state
iptables -A tcp-state-flags -p tcp --tcp-flags ACK,URG URG -j log-tcp-state

# fragments rules
iptables -A fragments -f -j LOG --log-level info --log-prefix "___ipt:fragment___: "
iptables -A fragments -f -j DROP

# spoof rules
iptables -A spoof -s 127.0.0.0/8 -j log-drop-spoof
iptables -A spoof -s 10.0.0.0/8 -j log-drop-spoof
iptables -A spoof -s 255.255.255.255 -j log-drop-spoof
iptables -A spoof -s 0.0.0.0/8 -j log-drop-spoof
iptables -A spoof -s 169.254.0.0/16 -j log-drop-spoof
iptables -A spoof -s 172.16.0.0/12 -j log-drop-spoof
iptables -A spoof -s 192.0.2.0/24 -j log-drop-spoof
iptables -A spoof -s 192.168.0.0/16 -j log-drop-spoof
iptables -A spoof -s 224.0.0.0/4 -j log-drop-spoof
iptables -A spoof -s 248.0.0.0/5 -j log-drop-spoof
iptables -A spoof -s 240.0.0.0/5 -j log-drop-spoof

# syn-flood rules
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j LOG --log-level info --log-prefix "___ipt-fw:syn-flood___: "
iptables -A syn-flood -j DROP

# log-tcp-state rules
iptables -A log-tcp-state -j LOG --log-level info --log-prefix "___ipt:invalid-tcp-flag___: "
iptables -A log-tcp-state -j DROP

# log-drop-spoof rules
iptables -A log-drop-spoof -j LOG --log-level info --log-prefix "___ipt:spoof,mcast___: "
iptables -A log-drop-spoof -j DROP

# log-input-accept rules
iptables -A log-input-accept -j LOG --log-level info --log-prefix "___ipt:input-accept___: "
iptables -A log-input-accept -j ACCEPT

# log-input-drop
iptables -A log-input-drop -j LOG --log-level info --log-prefix "___ipt:input-drop___: "
iptables -A log-input-drop -j DROP

# log-fwd-drop
iptables -A log-fwd-drop -j LOG --log-level info --log-prefix "___ipt:fwd-drop___: "
iptables -A log-fwd-drop -j DROP

#--------------------------------------------------#

# postrouting
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#--------------------------------------------------#

# activate rules
iptables-save
iptables-save > /etc/sysconfig/iptables
service iptables restart

#--------------------------------------------------#
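An added check, not part of the original post: a user-defined chain only filters traffic if some rule jumps to it, so this shell function lists chains that a rule script creates with -N but never names as a -j target. The sample input is an excerpt of the script above, typed with plain double hyphens; run on it, the function reports log-input-accept and syn-flood.

```shell
#!/bin/sh
# Added example: report chains created with -N that no rule ever jumps to.
# A chain that is never a -j/-g target sees no packets, so its rules are inert.
unused_chains() {
    awk '
        /^[ \t]*#/        { next }    # ignore comment lines
        $1 != "iptables"  { next }    # only look at iptables commands
        {
            for (i = 2; i < NF; i++) {
                if ($i == "-N" || $i == "--new-chain") created[$(i + 1)] = 1
                if ($i == "-j" || $i == "--jump" ||
                    $i == "-g" || $i == "--goto")      used[$(i + 1)] = 1
            }
        }
        END { for (c in created) if (!(c in used)) print c }
    ' | LC_ALL=C sort
}

# Excerpt of the rule script above: every -N line plus one rule per jump target.
sample_rules() {
cat <<'EOF'
iptables -N tcp-state-flags
iptables -N fragments
iptables -N spoof
iptables -N syn-flood
iptables -N log-tcp-state
iptables -N log-drop-spoof
iptables -N log-input-accept
iptables -N log-input-drop
iptables -N log-fwd-drop
iptables -A INPUT -p tcp -j tcp-state-flags
iptables -A INPUT -f -j fragments
iptables -A INPUT -m state --state NEW -j spoof
iptables -A INPUT -j log-input-drop
iptables -A FORWARD -j log-fwd-drop
iptables -A tcp-state-flags -p tcp --tcp-flags ALL NONE -j log-tcp-state
iptables -A spoof -s 10.0.0.0/8 -j log-drop-spoof
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP
iptables -A log-input-accept -j ACCEPT
EOF
}

sample_rules | unused_chains
```

To check a saved copy of the full script, pipe the file in instead: `unused_chains < scriptname`.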

Add text highlighting in ASP.NET 2.0 GridView

I built an ASP.NET 2.0 web application [for the company I work for] that streamlined the deployment process to our production environment. It processed, tracked, archived, and notified automatically on each step of the deployment process.

So with that in mind, I’ll be showing you how to add text highlighting in a GridView; for example, a Date & Time column (i.e., red=overdue, green=still OK), which, at work, showed the technical group whether a deployment was late or not. =0)

Here’s a screenshot:

Fig. 1.1 – Text highlighting in ASP.NET 2.0 GridView

Adding this feature is quite easy. The first thing you’ll need to do is add a RowDataBound event in the GridView code:

<asp:GridView OnRowDataBound="GridView_RowDataBound">

The second thing is to add an ASP label within an ASP template field, like so:

<asp:TemplateField HeaderText="Date & Time"
            SortExpression="TargetDateTime">
    <ItemTemplate>
        <asp:Label ID="lblTargetDateTime" runat="server"
                Text='<%# Eval("TargetDateTime") %>' />
    </ItemTemplate>
</asp:TemplateField>

Pretty simple so far, ‘ey?  Now, to the last bread-and-butter step, the code-behind file:

// At the top of the code-behind file
using System.Drawing;

// Must be protected (not private) so the handler named in the
// OnRowDataBound attribute of the .aspx markup can reach it
protected void GridView_RowDataBound(object sender,
        GridViewRowEventArgs e)
{
    // Find control to add text highlighting
    if (e.Row.RowType == DataControlRowType.DataRow)
    {
        // Create Label datatype then cast and assign control
        Label dateTimeType =
            (Label)e.Row.FindControl("lblTargetDateTime");

        // Instantiate new DateTime object
        DateTime dateTime = new DateTime();
        dateTime = Convert.ToDateTime(dateTimeType.Text);

        // Set coloring based on date and time
        if (DateTime.Compare(dateTime, DateTime.Today) >= 0)
            dateTimeType.BackColor = Color.LawnGreen;
        else
            dateTimeType.BackColor = Color.Red;
    }
}

That’s it! Using text highlighting in your GridView not only makes it look “pretty,” but also emphasizes a record’s importance based on colors.

The power of ‘$’ in Windows

The $ character not only exudes money and power, but is also useful in many dynamically-typed languages, such as Perl and Windows PowerShell. I won’t be discussing its use in any of these languages, but rather, how you can take advantage of it in one powerful way: To share a folder in “stealth-mode.”

Here’s how:

  1. Navigate to the folder you’d like to share.
  2. Access the Sharing and Security properties.
  3. Share the folder like so: FolderName$, then apply the change.
  4. Next go to the Security tab and add the user with the appropriate permissions.

That’s pretty much it. To access, type the following from the Run command: \\ComputerName\FolderName$